TL;DR:
- KelpDAO and Aave announced the resumption of operations with rsETH after completing the first steps of the post-exploit recovery plan.
- The April 18 attack, attributed to North Korea’s Lazarus Group, generated approximately $190 million in bad debt for Aave and $292 million in total losses.
- Around $72 million in ETH recovered on Arbitrum remains frozen under a court restriction.
KelpDAOĀ and Aave confirmed they will resume operations linked to rsETH in the coming days,Ā after completing the first phase of the recovery plan stemming from theĀ $292 millionĀ exploit that took place on April 18.
KelpDAO Could Take Two Weeks to Reintroduce rsETH
According to the protocol’s announcement,Ā 117,132 rsETHĀ āequivalent to the amount stolenāĀ will be gradually reintroduced from the Aave Recovery Guardian and theĀ Kelp Recovery SafeĀ into theĀ LayerZero OFTĀ adapter on mainnet over the nextĀ two weeks. Once the smart contracts are reactivated,Ā rsETH deposits, redemptions, bridges, and claims are expected to become available again.
Kelp and Aave have successfully completed a series of steps for rsETH backing, including burning the exploiterās rsETH on Arbitrum.
117,132 rsETH will be progressively refilled from Aave Recovery Guardian and Kelp Recovery Safe into the LayerZero OFT adapter on mainnet over theā¦
— Kelp (@KelpDAO) May 12, 2026
Aave, for its part, confirmed that the first steps of the plan were completed,Ā including the burning of the attacker’s rsETH onĀ Arbitrum. The April attack remains the largest DeFi security breach so far in 2026. The actor behind the exploit, widely linked toĀ North Korea’s Lazarus Group,Ā deposited a significant portion of the stolen rsETH as collateral on AaveĀ to borrow WETH, generating approximatelyĀ $190 million in bad debtĀ for the protocol. This attack prompted the creation ofĀ DeFi United, a collective working group focused on restitution thatĀ raised more than $300 million in ETHĀ to limit the damage across markets.
Legal Conflict on Arbitrum
TheĀ Arbitrum Security CouncilĀ had frozen approximatelyĀ $72 million in ETHĀ belonging to the attacker on Arbitrum. However, the transfer of those tokens to the restitution fund was challenged byĀ plaintiffs linked to prior terrorism judgments against North Korea, who sought to restrict the Arbitrum DAO from moving the recovered assets.
Aave LLC filed an emergency motion in federal court arguing thatĀ the order was based on unproven claims about the role of theĀ Lazarus Group. The court ultimately allowed the transfer of ETH to Aave, although the protocolĀ remains unable to sell or move those funds without judicial authorization.
Technical Changes to the Protocol
On the technical side,Ā KelpDAO updated its LayerZero configuration to require four independent attestors, raised block confirmations from 42 to 64Ā andĀ removed all L2-to-L2 routes. The protocol is also advancing itsĀ migration to Chainlink CCIP.
LayerZero acknowledged that allowing single-verifier configurations for high-value transfers created security vulnerabilities, an admission thatĀ could redefine how DeFi teams assess bridge design and default security standards in high-value protocols.
